Santiago Pontiroli

Security Researcher, Global Research & Analysis Team

Santiago Pontiroli joined Kaspersky's Global Research and Analysis Team (GReAT) as a security researcher in 2013. His principal responsibilities include the analysis and investigation of security threats in the Latin American region, the development of automatization tools, reverse engineering of programs with malicious code and creating analysis reports derived from threat intelligence studies. His expertise includes the analysis of gaming trends and threats, the evolution of the cryptocurrency sector and implementation of blockchain technologies. Santiago regularly trains executives in topics such as threat intelligence, YARA, and advanced malware analysis. He has been quoted in industry publications across Latin America and has participated as a notable speaker in industry conferences worldwide, including Virus Bulletin, BSides New York and Chile, Kaspersky Security Analyst Summit (SAS) and Nuit du Hack, among others. Santiago holds degrees in systems engineering and systems analysis from the Universidad Tecnológica Nacional F.R.L.P in Buenos Aires, Argentina.

@spontiroli

Reports

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor.

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income.

Santiago Pontiroli

The rise of .NET and Powershell malware

The cake is a lie! Uncovering the secret world of malware-like cheats in video games

A nightmare on malware street

“All your creds are belong to us”

BSides NYC, a volunteer organized event put on by and for the community

Publications

Cyberthreats to financial organizations in 2022

The cake is a lie! Uncovering the secret world of malware-like cheats in video games

BSides NYC, a volunteer organized event put on by and for the community

XPan, I am your father

Kaspersky Security Bulletin 2016. The ransomware revolution

The first BSides Latin America, this time in Sao Paulo

“All your creds are belong to us”

The rise of .NET and Powershell malware

Coinvault, are we reaching the end of the nightmare?

Our Fifth Latin American Security Analysts Summit in Santiago de Chile

One night to hack in Paris

Challenging CoinVault – it’s time to free those files

Reports

APT trends report Q1 2022

Lazarus Trojanized DeFi app for delivering malware

MoonBounce: the dark side of UEFI firmware

The BlueNoroff cryptocurrency hunt is still on

Subscribe to our weekly e-mails